What's new and changed in the platform

Platform updates can include new features, bug fixes, and security updates. Updates are listed in reverse chronological order so that the latest release is at the beginning of the topic.

The platform is composed of the IBM Cloud Pak® for Data platform operator and the Cloud Pak for Data control plane. Updates can be released for either or both of these components.

You can see a list of the new features for the platform and all of the services at What's new in IBM Cloud Pak for Data.

Cloud Pak for Data Version 4.7.4

Platform components
IBM Cloud Pak for Data platform operator: 4.4.0
IBM Cloud Pak for Data control plane operand: 5.0.2

This release includes the following changes:

Updates

Version 4.7.4 includes various fixes to the platform operator.

Cloud Pak for Data Version 4.7.3

Platform components
IBM Cloud Pak for Data platform operator: 4.3.0
IBM Cloud Pak for Data control plane operand: 5.0.2

This release includes the following changes:

Customer-reported issues fixed in this release

The following issues, which were reported by customers, are fixed in Cloud Pak for Data Version 4.7.2.

Issues fixed in this release
After upgrading to Version 4.7, custom monitors fail with a 500 error
  • Issue: When you try to view information about an alert or event triggered by a custom monitor, you see the following error:
    Error Request failed with status code 500
    The data cannot be displayed.
    You don't have the appropriate permissions to access the
    Platform Management service. If you need access to the
    service, contact your administrator

    Prior to upgrading to Version 4.7, you could access the information from the web client.

  • Resolution: If you have the appropriate permissions to view the Alerts and events page, you can see the alerts and events triggered by a custom monitor.
zen-metastoredb pods continue to run after upgrading to Version 4.7
  • Issue: The zen-metastoredb pods are no longer needed in Version 4.7; however, the pods continue to run after you upgrade to Version 4.7.
  • Resolution: The zen-metastoredb pods are removed when you upgrade to Version 4.7.3.

Cloud Pak for Data Version 4.7.2

Platform components
IBM Cloud Pak for Data platform operator: 4.2.0
IBM Cloud Pak for Data control plane operand: 5.0.1

This release includes the following changes:

New features

Version 4.7.2 of the Cloud Pak for Data platform includes the following features and updates:

Use additional attributes to create dynamic user groups
By default, you can use only four pre-defined attributes to create dynamic user groups. Starting in Cloud Pak for Data Version 4.7.2, you can use one of the following methods to specify additional attributes when you create a dynamic user group. For a high-level comparison of the options, see Specifying additional attributes that can be used to create dynamic user groups.
Adding attributes from your LDAP to the Identity Management Service
If you want to use attributes that are defined in your identity provider, you can configure the Identity Management Service to return the attributes. Then, you can configure Cloud Pak for Data to use the attributes. For more information, see Using additional attributes from your identity provider to create dynamic user groups.
Creating a custom attribute provider
If you want to use attributes that are not defined in your identity provider, you can create a custom attributes provider. With a custom attribute provider, you can provide information that is not part of your company's primary IdP. After you create a custom attributes provider, you can configure Cloud Pak for Data to use the attributes. For more information, see Using a custom attribute provider to specify additional attributes that can be used to create dynamic user groups.
Give a user the minimum role-based access control to install software
A cluster administrator can give another user the minimum role-based access control (RBAC) to install various Cloud Pak for Data components.
Important: This method is recommended only for customers with rigid security requirements. It is not recommended for most customers because it requires additional planning and maintenance.
Minimum RBAC to install the scheduling service
By default, a cluster administrator must install the scheduling service. However, you can optionally give another user the minimum role-based access control (RBAC) that is needed to install the scheduling service. For more information, see Giving a user the minimum RBAC to install the scheduling service.
Minimum RBAC to install an instance of Cloud Pak for Data
If a user other than the cluster administrator will install Cloud Pak for Data, you must give a Red Hat® OpenShift® Container Platform user the appropriate permissions to install the software in the instance projects. You can use one of the following methods to give the user the required permissions:
Giving the user the admin role (recommended)
To give a user the admin role on the projects associated with the instance, see Authorizing a user to act as an instance administrator.
Giving the user the minimum RBAC
To give a user the required permissions to install the software without giving the user the admin role on the projects associated with the instance, see Giving a user the minimum RBAC to install Cloud Pak for Data components
Customer-reported issues fixed in this release

The following issues, which were reported by customers, are fixed in Cloud Pak for Data Version 4.7.2.

Cloud Pak for Data Version 4.7.1

Platform components
IBM Cloud Pak for Data platform operator: 4.1.0
IBM Cloud Pak for Data control plane operand: 5.0.0

This release includes the following changes:

Installation enhancements

Version 4.7.1 of the Cloud Pak for Data platform includes the following features and updates:

Upgrades from Version 4.5
Starting with Cloud Pak for Data Version 4.7.1, you can upgrade your existing Version 4.5.x environment to Version 4.7. For more information, see Upgrading from IBM Cloud Pak for Version 4.5 to Version 4.7.

Cloud Pak for Data Version 4.7.0

Platform components
IBM Cloud Pak for Data platform operator: 4.0.0
IBM Cloud Pak for Data control plane operand: 5.0.0

This release includes the following changes:

Red Hat OpenShift Container Platform support
You can deploy Cloud Pak for Data Version 4.7 on the following versions of Red Hat OpenShift Container Platform:
  • Version 4.10.0 or later fixes
  • Version 4.12.0 or later fixes
Installation enhancements
More control over instances with the private topology
Starting in IBM Cloud Pak for Data Version 4.7, each instance of Cloud Pak for Data has its own set of operators. The private topology simplifies the process of installing and managing multiple instances of Cloud Pak for Data at different releases on a single cluster.

The private topology replaces the express installation topology and the specialized installation topology.

If you are upgrading to IBM Cloud Pak for Data Version 4.7, you must migrate your existing installation to the private topology.

For more information, see Supported project (namespace) configurations.

Install or upgrade multiple components in parallel
Starting in IBM Cloud Pak for Data Version 4.7, you can install or upgrade multiple components in parallel. When you run a batch installation or upgrade, the apply-cr command automatically installs or upgrades up to 4 components at a time.

The apply-cr command ensures that the specified components are installed in the correct order. For example, the command ensures that the control plane is installed before any services are installed.

You can adjust the number of components that are installed or upgraded in parallel by specifying the --parallel_num option. For more information, see the manage apply-cr command reference.

New features
FIPS 140-2 compliance
Many of the services in IBM Cloud Pak for Data Version 4.7 are FIPS 140-2 compliant.
Important: In previous versions of Cloud Pak for Data, most software could be installed on a FIPS-enabled cluster, however, the software did not meet the FIPS requirements. For example:
  • The software did not use FIPS-certified modules for encryption.
  • Some software implicitly turned off FIPS mode to access modules that were not FIPS-compliant on Red Hat OpenShift Container Platform or on Red Hat Enterprise Linux®.

In Version 4.7, services that are FIPS 140-2 compliant use FIPS-certified modules for encryption and use only modules that are available in FIPS mode. In some situations, this might result in a loss of functionality if the service previously ran on FIPS-enabled clusters without being FIPS 140-2 compliant. For example, some JDBC drivers are not FIPS-compliant, so connections that worked in previous releases of Cloud Pak for Data might not work in Version 4.7. For more information, see Known issues on FIPS-enabled clusters.

For a complete list of the services that are FIPS 140-2 complaint, see Services that support FIPS.

CIS Benchmarks
The CIS Benchmarks, from the Center for Internet Security, are a set of best practices that help security practitioners implement and maintain cybersecurity defenses. The Kubernetes CIS Benchmark includes configuration guidelines for Red Hat OpenShift Container Platform v4.

The IBM Cloud Pak for Data control plane and services are tested against the OpenShift Compliance Operator CIS profiles. For more information, see CIS Benchmark for Red Hat OpenShift Container Platform v4.

Simpler process to back up and restore Cloud Pak for Data
Starting in Cloud Pak for Data Version 4.7, backups that are created with the Cloud Pak for Data OADP backup and restore utility are run at the instance level. With this approach, you can back up and restore all the projects (namespaces) that are associated with an instance of Cloud Pak for Data in a single orchestrated sequence instead of backing up and restoring the projects separately.

For more information, see the following topics:

Estimate the amount of storage for a backup
You can use the cpd-cli oadp du-pv command to estimate how much storage space you need for a backup. Use the command to ensure that you have sufficient space for your backup.
Cloud Pak for Data APIs restructured and improved
The available APIs in Cloud Pak for Data topic includes more links to APIs that you can use. You can also find links to service-specific APIs from service landing pages. For example, you can find the link to the Watson™ Data API from the Watson Knowledge Catalog service landing page.

The Cloud Pak for Data Platform API in IBM® Cloud API Docs now includes the following methods and examples:

Deprecated features
LDAP integration provided by Cloud Pak for Data
By default, IBM Cloud Pak for Data user records are stored in an internal repository. However it is strongly recommended that you use an enterprise-grade password management solution, such as single sign-on (SSO) or LDAP.

If you decide to use an LDAP server, you currently have two methods for connecting to your LDAP server:

  • The LDAP integration provided by Cloud Pak for Data.
  • The LDAP integration provided by the IBM Cloud Pak foundational services Identity Management Service.

The LDAP integration provided by Cloud Pak for Data is deprecated and will be removed in a future release.

Installing
If you are installing IBM Cloud Pak for Data for the first time and you want to use an LDAP server to manage access to the platform, use the LDAP integration provided by the Identity Management Service. For more information, see Integrating with the Identity Management Service.
Upgrading
If you are upgrading to IBM Cloud Pak for Data Version 4.7 and you currently use the LDAP integration provided by Cloud Pak for Data, it is strongly recommended that you migrate your existing configuration to the Identity Management Service. To migrate your LDAP configuration:
  1. Integrate with the Identity Management Service.
  2. Change the cpadmin user to admin.
  3. Connect to your current LDAP server from the Identity Management Service (links to the IBM Cloud Pak foundational services documentation).

Repeat these steps for each instance of Cloud Pak for Data, that you want to integrate with the Identity Management Service.

Express and specialized installation topologies
Previously, all instance of IBM Cloud Pak for Data on a cluster were managed by a set of shared operators. The location of the operators depended on the installation topology that you chose when you installed IBM Cloud Pak for Data:
Express installation topology
In an express installation, the shared IBM Cloud Pak for Data operators were co-located with the shared IBM Cloud Pak foundational services operators in the ibm-common-services project.
Specialized installation topology
In a specialized installation, the shared IBM Cloud Pak for Data operators were in a separate project from the shared IBM Cloud Pak foundational services operators, which were typically in the ibm-common-services project.

Starting in IBM Cloud Pak for Data Version 4.7, both of these installation topologies are replaced by the private topology. In the private topology, each instance of Cloud Pak for Data has its own set of operators. When you upgrade to IBM Cloud Pak for Data Version 4.7, you must migrate your current installation to the private topology. For more information, see Upgrading Cloud Pak for Data.

Submitting a request for data
The data requests (Data > Data requests) feature was removed. Use workflows instead.
Offline backup and restore
Offline backup and restore is deprecated and will be removed in a future release. It is recommended that you create online backups. For more information, see Backing up and restoring Cloud Pak for Data.
The user-home-pvc persistent volume claim (PVC) was removed
If your custom monitor implementation uses the user-home-pvc PVC, you must update your code. For details, see Tutorial: Creating a custom monitor.
Customer-reported issues fixed in this release
The following issues, which were reported by customers, have been fixed in Cloud Pak for Data Version 4.7.0: